1   /*
2    * Copyright (c) 2002-2023, City of Paris
3    * All rights reserved.
4    *
5    * Redistribution and use in source and binary forms, with or without
6    * modification, are permitted provided that the following conditions
7    * are met:
8    *
9    *  1. Redistributions of source code must retain the above copyright notice
10   *     and the following disclaimer.
11   *
12   *  2. Redistributions in binary form must reproduce the above copyright notice
13   *     and the following disclaimer in the documentation and/or other materials
14   *     provided with the distribution.
15   *
16   *  3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
17   *     contributors may be used to endorse or promote products derived from
18   *     this software without specific prior written permission.
19   *
20   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21   * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22   * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23   * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
24   * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25   * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26   * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27   * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28   * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29   * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30   * POSSIBILITY OF SUCH DAMAGE.
31   *
32   * License 1.0
33   */
34  /*
35  * Copyright (c) 2002-2013, Mairie de Paris
36   * All rights reserved.
37   *
38   * Redistribution and use in source and binary forms, with or without
39   * modification, are permitted provided that the following conditions
40   * are met:
41   *
42   *  1. Redistributions of source code must retain the above copyright notice
43   *     and the following disclaimer.
44   *
45   *  2. Redistributions in binary form must reproduce the above copyright notice
46   *     and the following disclaimer in the documentation and/or other materials
47   *     provided with the distribution.
48   *
49   *  3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
50   *     contributors may be used to endorse or promote products derived from
51   *     this software without specific prior written permission.
52   *
53   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
54   * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
55   * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
56   * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
57   * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
58   * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
59   * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
60   * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
61   * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
62   * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
63   * POSSIBILITY OF SUCH DAMAGE.
64   *
65   * License 1.0
66   */
67  package fr.paris.lutece.plugins.adminauthenticationoauth2.business.authentication;
68  
69  import fr.paris.lutece.plugins.adminauthenticationoauth2.service.Oauth2Service;
70  import fr.paris.lutece.plugins.adminauthenticationoauth2.service.Oauth2Utils;
71  import fr.paris.lutece.plugins.oauth2.business.Token;
72  import fr.paris.lutece.plugins.oauth2.service.DataClientService;
73  import fr.paris.lutece.plugins.oauth2.service.TokenService;
74  import fr.paris.lutece.portal.business.user.AdminUser;
75  import fr.paris.lutece.portal.business.user.authentication.AdminAuthentication;
76  import fr.paris.lutece.portal.service.admin.AccessDeniedException;
77  import fr.paris.lutece.portal.service.admin.AdminUserService;
78  import fr.paris.lutece.portal.service.security.UserNotSignedException;
79  import fr.paris.lutece.portal.service.util.AppLogService;
80  import fr.paris.lutece.portal.service.util.AppPropertiesService;
81  
82  import javax.servlet.http.HttpServletRequest;
83  import javax.servlet.http.HttpSession;
84  import java.io.IOException;
85  import java.util.ArrayList;
86  import java.util.Collection;
87  import java.util.Map;
88  
89  /**
90   * OAuth2 authentication module for admin (back-office) users.
91   */
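public class AdminOauth2Authentication implements AdminAuthentication
{

    /**
     * Session attribute set when no authenticated admin user is found in the request; it holds the login page URL returned by
     * {@link #getLoginPageUrl()}.
     */
    private static final String SESSION_ATTR_LOGIN_NEXT_URL = "luteceAdminLoginNextUrl";

    /**
     * Creates the authentication module. The module holds no state of its own: every URL and name is read from the application
     * properties or the OAuth2 client/server configuration at call time.
     */
    public AdminOauth2Authentication( )
    {
        super( );
    }

    /**
     * {@inheritDoc}
     *
     * @return the service name read from the {@code Oauth2Utils.PROPERTY_AUTH_SERVICE_NAME} property
     */
    @Override
    public String getAuthServiceName( )
    {
        return AppPropertiesService.getProperty( Oauth2Utils.PROPERTY_AUTH_SERVICE_NAME );
    }

    /**
     * {@inheritDoc}
     *
     * @param request
     *            the current request (not used)
     * @return always {@link HttpServletRequest#BASIC_AUTH}
     */
    @Override
    public String getAuthType( HttpServletRequest request )
    {
        return HttpServletRequest.BASIC_AUTH;
    }

    /**
     * {@inheritDoc}
     * <p>
     * Authentication is delegated to the OAuth2 provider, so the access code and password are ignored: the result is whatever
     * {@link #getHttpAuthenticatedUser(HttpServletRequest)} finds for the request.
     *
     * @param strAccessCode
     *            ignored
     * @param strUserPassword
     *            ignored
     * @param request
     *            the current request
     * @return the user already authenticated for this request, or {@code null} if there is none
     */
    @Override
    public AdminUser login( String strAccessCode, String strUserPassword, HttpServletRequest request )
    {
        // No local login step: the user is expected to have been authenticated by the OAuth2 flow already
        return getHttpAuthenticatedUser( request );
    }

    /**
     * {@inheritDoc}
     * <p>
     * No local clean-up is performed here; the provider-side logout endpoint is exposed through {@link #getDoLogoutUrl()}.
     *
     * @param user
     *            the user being logged out (not used)
     */
    @Override
    public void logout( AdminUser user )
    {
        // Intentionally empty: nothing is stored locally by this module
    }

    /**
     * {@inheritDoc}
     *
     * @throws UnsupportedOperationException
     *             always; anonymous admin users are not supported by this module
     */
    @Override
    public AdminUser getAnonymousUser( )
    {
        throw new UnsupportedOperationException( "La methode getAnonymousUser() n'est pas encore implementee." );
    }

    /**
     * {@inheritDoc}
     *
     * @return always {@code true}: authentication is performed by the external OAuth2 provider
     */
    @Override
    public boolean isExternalAuthentication( )
    {
        return true;
    }

    /**
     * Returns the admin user authenticated for the request, refreshing it from the OAuth2 provider when a refresh token is
     * available.
     * <p>
     * When no admin user is attached to the request, the login page URL is stored in the session under
     * {@value #SESSION_ATTR_LOGIN_NEXT_URL} and {@code null} is returned.
     *
     * @param request
     *            the current request
     * @return the (possibly refreshed) authenticated user, or {@code null} if the request carries no authenticated admin user
     * @throws RuntimeException
     *             wrapping {@code AccessDeniedException} or {@code UserNotSignedException} when the provider rejects the user
     *             during the refresh
     */
    @Override
    public AdminUser getHttpAuthenticatedUser( HttpServletRequest request )
    {
        AdminUser user = AdminUserService.getAdminUser( request );

        if ( user == null )
        {
            // No authenticated admin for this request: remember where the login page is and report "not signed"
            HttpSession session = request.getSession( true );
            session.setAttribute( SESSION_ATTR_LOGIN_NEXT_URL, getLoginPageUrl( ) );
            return null;
        }

        if ( user instanceof AdminOauth2User )
        {
            return reloadFromRefreshToken( request, (AdminOauth2User) user );
        }

        return user;
    }

    /**
     * Re-reads the user info from the OAuth2 provider using the stored refresh token and rebuilds the user from it.
     *
     * @param request
     *            the current request
     * @param userOauth
     *            the OAuth2 user currently attached to the request
     * @return the user produced by {@code Oauth2Service.processAuthentication} (may be {@code null} if that service returns
     *         {@code null}); {@code userOauth} itself when there is no refresh token or the provider could not be reached
     * @throws RuntimeException
     *             wrapping {@code AccessDeniedException} or {@code UserNotSignedException} raised by the OAuth2 service
     */
    private AdminUser reloadFromRefreshToken( HttpServletRequest request, AdminOauth2User userOauth )
    {
        String strRefreshToken = userOauth.getToken( ).getRefreshToken( );

        if ( strRefreshToken == null )
        {
            // Nothing to refresh with: keep the user exactly as stored
            return userOauth;
        }

        AuthDataClient authDataClient = (AuthDataClient) DataClientService.instance( ).getClient( Oauth2Utils.AUTH_DATA_CLIENT_NAME );
        Token token = TokenService.getService( ).getTokenByRefreshToken( strRefreshToken );

        try
        {
            Map<String, Object> mapUserInfo = authDataClient.parse( authDataClient.getData( token ) );
            return Oauth2Service.getInstance( ).processAuthentication( request, mapUserInfo, token );
        }
        catch( IOException e )
        {
            // Transport or parsing failure while talking to the provider: the error is logged and the user already in
            // session is returned unchanged.
            // NOTE(review): this keeps the previously stored user even though the provider could not confirm it; decide
            // whether callers need a fail-closed (return null) behaviour here.
            AppLogService.error( "error during retrieving user info with refresh token  ", e );
            return userOauth;
        }
        catch( AccessDeniedException | UserNotSignedException e )
        {
            // The provider no longer authenticates or authorises this user: propagate instead of returning the stale user.
            // NOTE(review): the original comment called this "not an error" while still throwing; the throw is kept so that
            // callers catching RuntimeException continue to see the same behaviour.
            throw new RuntimeException( e );
        }
    }

    /**
     * {@inheritDoc}
     *
     * @return the redirect URI of the OAuth2 client configuration
     */
    @Override
    public String getLoginPageUrl( )
    {
        return Oauth2Utils.getAuthClientConf( ).getRedirectUri( );
    }

    /**
     * {@inheritDoc}
     *
     * @return the value of {@code Oauth2Utils.OAUTH2_CHANGE_PASSWORD_URL}, or {@code null} if the property is not set
     */
    @Override
    public String getChangePasswordPageUrl( )
    {
        return getOptionalUrlProperty( Oauth2Utils.OAUTH2_CHANGE_PASSWORD_URL );
    }

    /**
     * {@inheritDoc}
     *
     * @return the same URL as {@link #getLoginPageUrl()}
     */
    @Override
    public String getDoLoginUrl( )
    {
        return getLoginPageUrl( );
    }

    /**
     * {@inheritDoc}
     *
     * @return the logout endpoint URI of the OAuth2 server configuration
     */
    @Override
    public String getDoLogoutUrl( )
    {
        return Oauth2Utils.getAuthServerConf( ).getLogoutEndpointUri( );
    }

    /**
     * {@inheritDoc}
     *
     * @return the value of {@code Oauth2Utils.OAUTH2_NEW_ACCOUNT_URL}, or {@code null} if the property is not set
     */
    @Override
    public String getNewAccountPageUrl( )
    {
        return getOptionalUrlProperty( Oauth2Utils.OAUTH2_NEW_ACCOUNT_URL );
    }

    /**
     * {@inheritDoc}
     *
     * @return the value of {@code Oauth2Utils.OAUTH2_VIEW_ACCOUNT_URL}, or {@code null} if the property is not set
     */
    @Override
    public String getViewAccountPageUrl( )
    {
        return getOptionalUrlProperty( Oauth2Utils.OAUTH2_VIEW_ACCOUNT_URL );
    }

    /**
     * {@inheritDoc}
     *
     * @return the value of {@code Oauth2Utils.OAUTH2_LOST_PASSWORD_URL}, or {@code null} if the property is not set
     */
    @Override
    public String getLostPasswordPageUrl( )
    {
        return getOptionalUrlProperty( Oauth2Utils.OAUTH2_LOST_PASSWORD_URL );
    }

    /**
     * {@inheritDoc}
     *
     * @return the value of {@code Oauth2Utils.OAUTH2_LOST_LOGIN_URL}, or {@code null} if the property is not set
     */
    @Override
    public String getLostLoginPageUrl( )
    {
        return getOptionalUrlProperty( Oauth2Utils.OAUTH2_LOST_LOGIN_URL );
    }

    /**
     * Reads an optional URL from the application properties.
     *
     * @param strPropertyKey
     *            the property key
     * @return the property value, or {@code null} when the property is absent
     */
    private static String getOptionalUrlProperty( String strPropertyKey )
    {
        return AppPropertiesService.getProperty( strPropertyKey, null );
    }

    /**
     * {@inheritDoc}
     * <p>
     * User search is not supported by this module.
     *
     * @param s
     *            ignored
     * @param s1
     *            ignored
     * @param s2
     *            ignored
     * @return an empty, mutable list
     */
    @Override
    public Collection<AdminUser> getUserList( String s, String s1, String s2 )
    {
        // Not supported: the OAuth2 provider is the only source of users
        return new ArrayList<>( );
    }

    /**
     * {@inheritDoc}
     * <p>
     * Public user data lookup is not supported by this module.
     *
     * @param strId
     *            ignored
     * @return always {@code null}
     */
    @Override
    public AdminUser getUserPublicData( String strId )
    {
        // Not supported: no local user store to read from
        return null;
    }

}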
244 }